U.S. federal law does not require government agencies to reveal if they've been hacked -- even if confidential information is lost -- unless personal information is stolen in a breach. Unfortunately for the U.S. Department of Energy, personal information was indeed lost on a recent hack on its systems from an unknown assailant.

In a letter to employees obtained byReuters and other news agencies, the DOE writes, "[The attack] resulted in the unauthorized disclosure of employee and contractor Personally Identifiable Information. Based on the findings of this investigation, no classified data was compromised."

The attack occurred in mid-January. It is unclear whether the attack was on the DOE headquarters, or on a sub-agency, such as the Energy Information Administration, which publishes data that helps keep oil, gas and electricity markets stable. Also unclear is the identity of the hackers. Many attacks on government facilities have come from China in recent years, however, domestic hackers also frequently have a bone to pick with the government.

The DOE, which handles classified information on nuclear safety and the energy markets, has been one of the many government agencies to be criticized for weak security in recent years. In a shocking 2006 incident, a methamphetamine lab was found to have memory sticks containing classified documents from Los Alamos National Lab, a top nuclear research facility. It was unclear how the drug manufacturers got their hands on the sensitive files.

The U.S. Department of Energy was hacked last month. [Image Source: WhiteHouse.gov]

In its letter the DOE promised to tighten security. It said it was deploying new tools both to protect assets on its servers and to monitor activity for signs of trouble.

The DOE is currently in a leadership transition period, with Energy Secretary Steven Chu unexpectedly resigning.